Step 6
switch(config-trustpoint)# end
switch#
Returns to EXEC mode.
Step 7
switch# copy running-config startup-config
Copies the running configuration to the startup configuration to ensure the configuration is persistent across
reboots.
Deleting RSA Key-Pairs from Your Switch
Under certain circumstances you may want to delete your switch's RSA key-pairs. For example, if you believe
the RSA key-pairs were compromised in some way and should no longer be used, you should delete the
key-pairs.
To delete RSA key-pairs from your switch, follow these steps:
Procedure
Step 1
switch# configure terminal
switch(config)#
Enters configuration mode.
Step 2
switch(config)# crypto key zeroize rsa MyKey
Deletes the RSA key-pair whose label is MyKey.
Step 3
switch(config)# end
switch#
Returns to EXEC mode.
Step 4
switch# copy running-config startup-config
Copies the running configuration to the startup configuration to ensure the configuration is persistent across
reboots.
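An added example, not from the Cisco guide: before running `crypto key zeroize rsa`, it helps to know which trustpoints name the key-pair, because their identity certificates depend on it. This Python script scans a saved copy of the running configuration. It assumes trustpoints appear as a `crypto ca trustpoint <name>` line followed by indented sub-commands that include `rsakeypair <label>`; the sample configuration and its trustpoint names are constructed.

```python
import re

# Constructed sample of a saved running-config (not output from a real switch).
SAMPLE_CONFIG = """\
crypto ca trustpoint admin-ca
  enrollment terminal
  rsakeypair MyKey
  revocation-check crl
crypto ca trustpoint backup-ca
  rsakeypair OtherKey
crypto ca trustpoint unused-ca
  enrollment terminal
interface mgmt0
"""

# Assumed layout: top-level trustpoint line, then indented sub-commands.
TRUSTPOINT_RE = re.compile(r"^crypto ca trustpoint (\S+)\s*$")
RSAKEYPAIR_RE = re.compile(r"^\s+rsakeypair (\S+)\s*$")


def trustpoints_by_keypair(config_text):
    """Map each RSA key-pair label to the trustpoints that reference it."""
    bindings = {}
    current = None  # trustpoint whose block we are currently inside
    for line in config_text.splitlines():
        m = TRUSTPOINT_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line and not line[0].isspace():
            current = None  # any other top-level line ends the trustpoint block
            continue
        m = RSAKEYPAIR_RE.match(line)
        if m and current is not None:
            bindings.setdefault(m.group(1), []).append(current)
    return bindings


def trustpoints_using(config_text, label):
    """Return the trustpoints bound to the given key-pair label (exact match)."""
    return trustpoints_by_keypair(config_text).get(label, [])


if __name__ == "__main__":
    label = "MyKey"
    users = trustpoints_using(SAMPLE_CONFIG, label)
    print(f"{label}: {', '.join(users) if users else 'no trustpoint references it'}")
```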
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
Note: If the identity certificate being deleted is the last or only identity certificate in the device, you
must use the force option to delete it. This ensures that the administrator does not mistakenly delete
the last or only identity certificate and leave the applications (such as IKE and SSH) without
a certificate to use.
Configuring Certificate Authorities and Digital Certificates